ComboFix log:
ComboFix 07-08-04.3 - "Don" 2007-08-07 15:39:56.1 [GMT -4:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.True
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Don\Desktop\internet.lnk
C:\DOCUME~1\Don\MYDOCU~1.\ssembl~1
C:\DOCUME~1\Don\MYDOCU~1.\ssembl~1\tracert.exe
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Windows Media Player\zyronynu.html
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\WINDOWS\pf78.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\sembly~1
C:\WINDOWS\sembly~1\??rvices.exe
C:\WINDOWS\smbols~1
C:\WINDOWS\system32\9.exe
C:\WINDOWS\system32\awtqpml.dll
C:\WINDOWS\system32\awtroll.dll
C:\WINDOWS\system32\calsp.dll
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\epdt.dll
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\G11
C:\WINDOWS\system32\G3
C:\WINDOWS\system32\G7
C:\WINDOWS\system32\G9
C:\WINDOWS\system32\G9\wb720.exe
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\icroso~1.net\javaw.exe
C:\WINDOWS\system32\lspak.dll
C:\WINDOWS\system32\mljghif.dll
C:\WINDOWS\system32\poqss.ini
C:\WINDOWS\system32\qqpetqdc.dll
C:\WINDOWS\system32\ssqop.dll
C:\WINDOWS\system32\tuvsrqp.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wnsinticomsv32.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\Net Agent
((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))
2007-08-07 15:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 15:32 3,072 --a------ C:\WINDOWS\system32\wlzxha.exe
2007-08-07 15:09 d-------- C:\WINDOWS\ERUNT
2007-08-07 13:49 d-------- C:\DOCUME~1\Don\.housecall6.6
2007-08-07 10:52 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-08-07 10:52 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-08-07 10:52 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-08-07 10:52 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-08-07 10:52 112,640 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-08-07 10:51 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-08-07 10:51 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-08-07 10:51 8,064 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-08-07 10:51 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-08-07 10:51 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2007-08-07 10:51 7,680 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-08-07 10:51 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-08-07 10:51 44,928 --a--c--- C:\WINDOWS\system32\dllcache\watv03nt.sys
2007-08-07 10:51 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2007-08-07 10:51 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-08-07 10:51 31,104 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2007-08-07 10:51 30,208 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-08-07 10:51 29,440 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2007-08-07 10:51 23,680 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2007-08-07 10:51 19,456 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2007-08-07 10:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-08-07 10:51 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-08-07 10:51 148,992 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-08-07 10:51 12,672 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2007-08-07 10:51 12,288 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2007-08-07 10:51 12,160 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-08-07 10:51 12,032 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2007-08-07 10:50 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-08-07 10:50 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2007-08-07 10:50 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-08-07 10:50 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-08-07 10:50 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2007-08-07 10:50 77,184 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2007-08-07 10:50 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2007-08-07 10:50 75,264 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2007-08-07 10:50 7,556 --a--c--- C:\WINDOWS\system32\dllcache\usroslba.sys
2007-08-07 10:50 69,632 --a--c--- C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-08-07 10:50 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-08-07 10:50 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2007-08-07 10:50 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2007-08-07 10:50 56,448 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-08-07 10:50 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-08-07 10:50 50,688 --a--c--- C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-08-07 10:50 50,176 --a--c--- C:\WINDOWS\system32\dllcache\umaxp60.dll
2007-08-07 10:50 49,664 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-08-07 10:50 47,616 --a--c--- C:\WINDOWS\system32\dllcache\umaxcam.dll
2007-08-07 10:50 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2007-08-07 10:50 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2007-08-07 10:50 4,992 --a--c--- C:\WINDOWS\system32\dllcache\toside.sys
2007-08-07 10:50 4,352 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2007-08-07 10:50 397,502 --a--c--- C:\WINDOWS\system32\dllcache\vpctcom.sys
2007-08-07 10:50 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2007-08-07 10:50 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2007-08-07 10:50 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2007-08-07 10:50 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
2007-08-07 10:50 31,359 --a--c--- C:\WINDOWS\system32\dllcache\usb101et.sys
2007-08-07 10:50 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2007-08-07 10:50 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-08-07 10:50 27,392 --a--c--- C:\WINDOWS\system32\dllcache\viaagp.sys
2007-08-07 10:50 26,624 --a--c--- C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-08-07 10:50 249,402 --a--c--- C:\WINDOWS\system32\dllcache\vinwm.sys
2007-08-07 10:50 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2007-08-07 10:50 24,576 --a--c--- C:\WINDOWS\system32\dllcache\viairda.sys
2007-08-07 10:50 24,192 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2007-08-07 10:50 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
2007-08-07 10:50 224,802 --a--c--- C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-08-07 10:50 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
2007-08-07 10:50 22,912 --a--c--- C:\WINDOWS\system32\dllcache\umaxpcls.sys
2007-08-07 10:50 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2007-08-07 10:50 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2007-08-07 10:50 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2007-08-07 10:50 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2007-08-07 10:50 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2007-08-07 10:50 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2007-08-07 10:50 159,232 --a--c--- C:\WINDOWS\system32\dllcache\tridkbm.sys
2007-08-07 10:50 15,616 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2007-08-07 10:50 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2007-08-07 10:50 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2007-08-07 10:50 113,762 --a--c--- C:\WINDOWS\system32\dllcache\usrpda.sys
2007-08-07 10:50 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2007-08-07 10:49 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2007-08-07 10:49 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2007-08-07 10:49 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2007-08-07 10:49 7,296 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2007-08-07 10:49 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-08-07 10:49 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2007-08-07 10:49 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2007-08-07 10:49 6,784 --a--c--- C:\WINDOWS\system32\dllcache\smbhc.sys
2007-08-07 10:49 6,528 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2007-08-07 10:49 58,368 --a--c--- C:\WINDOWS\system32\dllcache\smiminib.sys
2007-08-07 10:49 53,760 --a--c--- C:\WINDOWS\system32\dllcache\sw_wheel.dll
2007-08-07 10:49 53,248 --a--c--- C:\WINDOWS\system32\dllcache\stlncoin.dll
2007-08-07 10:49 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2007-08-07 10:49 45,568 --a--c--- C:\WINDOWS\system32\dllcache\smb3w.dll
2007-08-07 10:49 41,472 --a--c--- C:\WINDOWS\system32\dllcache\sw_effct.dll
2007-08-07 10:49 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-07 15:54 10580 --a------ C:\WINDOWS\ennkho.dll
2007-08-07 14:46 39049 --a------ C:\WINDOWS\system32\nvModes.dat
2007-07-31 20:57 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-07-31 15:27 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-31 14:43 --------- d-------- C:\Program Files\Movie Maker
2007-07-31 14:41 23332 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-31 14:41 --------- d-------- C:\Program Files\Windows NT
2007-07-31 14:15 --------- d-------- C:\Program Files\Apoint
2007-07-30 13:34 --------- d-------- C:\Program Files\Symantec
2007-07-30 13:33 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-30 00:55 --------- d-------- C:\Program Files\Warcraft III
2007-07-14 07:04 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-06-17 08:20 --------- d-------- C:\DOCUME~1\Don\APPLIC~1\Viewpoint
2007-06-16 01:55 76166 --a------ C:\WINDOWS\War3Unin.dat
2007-06-16 01:33 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-06-16 01:33 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-01-11 12:54 21032 --a------ C:\DOCUME~1\Don\APPLIC~1\GDIPFONTCACHEV1.DAT
1989-12-12 15:10:10 650,000 --sh--r C:\WINDOWS\ostgdqd.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A8EF9C0-3B5A-39FF-2972-4FB60F3DF2C6}]
2007-08-01 09:43 60928 --a------ C:\WINDOWS\System32\qvygjf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EB8C004-A427-424C-8478-83E749937DA3}]
C:\WINDOWS\System32\vtstq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E0C0142-DE5E-44F0-A9FC-F117B3BBB6A2}]
C:\Program Files\Internet Explorer\rywygo83122.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-17 14:38]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Narrator"="C:\WINDOWS\System32\rpitwb.exe" [2005-01-30 10:05]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2002-03-29 15:14]
"CARPService"="carpserv.exe" [2004-03-15 15:17 C:\WINDOWS\system32\carpserv.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2002-08-22 20:28]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-02-10 10:27]
"nwiz"="nwiz.exe" [2004-03-15 15:04 C:\WINDOWS\system32\nwiz.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 17:18]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-18 08:00]
"Ncao"="C:\DOCUME~1\Don\MYDOCU~1\SSEMBL~1\tracert.exe" []
"Uaoa"="C:\WINDOWS\System32\ICROSO~1.NET\javaw.exe" []
"Kahcih"="C:\WINDOWS\??sembly\??rvices.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
tkuwhi.exe [2007-07-30 08:52:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows Media Player\zyronynu.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 2003-03-24 12:26 110592 C:\WINDOWS\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstq]
C:\WINDOWS\System32\vtstq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^tkuwhi.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tkuwhi.exe
backup=C:\WINDOWS\pss\tkuwhi.exeCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Don\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
C:\WINDOWS\alchem.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScan AutoSync]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
carpserv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"C:\Program Files\Common Files\CMEII\CMESys.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conscorr]
C:\WINDOWS\conscorr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dloesldA]
C:\WINDOWS\dloesldA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
"C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZWO]
C:\PROGRA~1\Web Offer\wo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezyxrt]
C:\WINDOWS\System32\kpqnbjtv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\PROGRA~1\MICROS~4\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hod]
C:\WINDOWS\hod.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
rundll32.exe "C:\WINDOWS\System32\hvuucjno.dll",sitypnow
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mjtxuowa]
C:\WINDOWS\System32\kpqnbjtv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyDailyHoroscope]
C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Narrator]
C:\WINDOWS\System32\rpitwb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ncao]
"C:\DOCUME~1\Don\MYDOCU~1\SSEMBL~1\tracert.exe" -vt yazb
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.0.0.116\InstallStub.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saap]
c:\windows\180solutions\saap.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
c:\temp\salm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SESync]
"C:\Program Files\SED\SED.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit]
C:\Documents and Settings\Don\Application Data\ntos.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vpyl]
C:\WINDOWS\s?mbols\d?xplore.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"C:\Program Files\Web_Rebates\WebRebates0.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
C:\WINDOWS\wupdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zulvbszmlbb]
C:\WINDOWS\System32\kpqnbjtv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0B-B6-6F-F4-ZN}]
C:\windows\system32\mldsregn.exe SKY009
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"RegSrvc"=2 (0x2)
"WinToolsSvc"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"NetSvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"DomainService"=2 (0x2)
R0 DevUpper;TI UltraMedia CardBus Controller Filter Driver;C:\WINDOWS\System32\DRIVERS\tiumflt.sys
R0 Gernuwa;Gernuwa;C:\WINDOWS\System32\drivers\Gernuwa.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\NavNT\NAVAPEL.SYS
R2 s24trans;WLAN Transport;C:\WINDOWS\System32\DRIVERS\s24trans.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\System32\DRIVERS\strmdisp.sys
R3 GTICARD;GTICARD;C:\WINDOWS\System32\DRIVERS\gticard.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
R3 NAVAP;NAVAP;\??\C:\Program Files\NavNT\NAVAP.sys
R3 tiumfwl;tiumfwl;C:\WINDOWS\System32\drivers\tiumfwl.sys
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver;C:\WINDOWS\System32\DRIVERS\w70n51.sys
S2 PosUsb;USB Serial interface Driver (POS);C:\WINDOWS\System32\DRIVERS\posusb.sys
S3 awhost32;pcAnywhere Host Service;C:\Program Files\Symantec\pcAnywhere\awhost32.exe
S3 gv3;Intel GV3 Processor Driver;C:\WINDOWS\System32\DRIVERS\gv3.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\System32\DRIVERS\usb8023x.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\System32\DRIVERS\wanatw4.sys
S4 WinToolsSvc;WinTools for IE service;C:\Program Files\Common Files\WinTools\WToolsS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\6946924a-871f-4bbb-9002-7ba4a48a2de7]
C:\WINDOWS\System32\wlzxha.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-07 15:54:16
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage]
"WORDFiles"=dword:3707ac9b
"EXCELFiles"=dword:3707533e
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000019f
"TracesSuccessful"=dword:00000042
scanning hidden files ...
**************************************************************************
Completion time: 2007-08-07 15:58:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-07 15:57
--- E O F ---